2709 matches found
CVE-2026-59734
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...
EUVD-2026-42657
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...
CVE-2026-59734
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...
CVE-2026-55433
Coder: Devcontainer recreate endpoint lacked ActionUpdate authorization, allowing read-only workspace roles to trigger destructive rebuilds. Affected versions prior to 2.29.7, 2.32.7, 2.33.8, and 2.34.2 trusted by the endpoint; fix adds ActionUpdate check before dialing the agent, mirroring the d...
CVE-2026-55433 Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...
CVE-2026-55433 Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...
GO-2026-5922 Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers in github.com/coder/coder
Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers in github.com/coder/coder...
PYSEC-2026-2003 vantage6 has insecure SSH configuration for node and server containers
Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...
CVE-2026-34058 Coolify: OS Command Injection via Unmanaged Container Operations - Remote Code Execution
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...
[SECURITY] Fedora 43 Update: prometheus-podman-exporter-1.21.2-1.fc43
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 44 Update: prometheus-podman-exporter-1.21.2-1.fc44
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
GHSA-JQJ2-X4C5-JFXM Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers
Summary The devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, performed no ActionUpdate check before triggering the destructive rebuild. Note: Exploitation requires an existing low-privilege role with...
[SECURITY] Fedora 43 Update: buildah-1.43.2-1.fc43
The buildah package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a ne...
[SECURITY] Fedora 43 Update: apptainer-1.5.2-1.fc43
Apptainer provides functionality to make portable containers that can be used across host environments...
[SECURITY] Fedora 44 Update: apptainer-1.5.2-1.fc44
Apptainer provides functionality to make portable containers that can be used across host environments...
GHSA-VX8H-4PRV-G744 Rancher has Privilege Escalation from Project Owner to Host
Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...
EUVD-2026-36102
Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation...
Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.18 shipped with IBM Business Automation Workflow containers June 2026
Summary IBM Business Automation Workflow containers include IBM Cloud Pak foundational services. IBM Business Automation Workflow containers June 2026 security fixes update this dependency beyond 4.18 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2024-45310 DESCRIPTION: run...
[SECURITY] Fedora 43 Update: prometheus-podman-exporter-1.21.1-1.fc43
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 44 Update: prometheus-podman-exporter-1.21.1-1.fc44
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...